Attackers use automated techniques to scan specific network ranges and identify vulnerable systems, such as a machine running pirated software with no security patches, to install their bot program. The infected machine then responds to commands, usually via an internet relay chat channel, from so-called "bot herders"—computers tasked to lead and co-ordinate attacks.
—Bien Perez, "Rising broadband use fuels internet attacks in China," South China Morning Post, September 26, 2006
"We're fighting a war of intelligence. The botnet herders keep advancing and moving forward at a fast rate, and we just can't keep up. There are just too many obstacles in our way," Evron added.
The complex setup now includes the use of hijacked computers to host the DNS (Domain Name System) servers that provide domain resolution services for the rogue.
This allows a bot herder to dynamically change IP addresses without changing a DNS record or the hosting—and constant moving around—of phishing Web sites on bot computers.
—Ryan Naraine, "Is the Botnet Battle Already Lost?," eWeek, October 16, 2006